Manalyze report for f48bf08687948ead049686cdee0e92dd

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-05 17:22:54
Detected languages	English - United States
FileDescription	Wealth Resolution
FileVersion	`1.0.0.0`
ProductVersion	`1.0.0.0`
LegalCopyright	Apt Pleasant Wealth Resolution 2018-2025
ProductName	Wealth Resolution
CompanyName	Apt Pleasant Wealth Resolution

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	PEiD Signature:	`Crunch/PE v5.0`
Info	Interesting strings found in the binary:	`Contains domain names: example.com https://curl.se`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to AES` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: CreateProcessA` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptEncrypt CryptDestroyHash CryptCreateHash CryptGetHashParam CryptHashData CryptAcquireContextW CryptDestroyKey CryptImportKey` `Can create temporary files: GetTempPathW CreateFileA GetTempPathA CreateFileW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Enumerates local disk drives: GetDriveTypeW`
Info	The PE is digitally signed.	`Signer: Bitcoin Futures LLC` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Malicious	VirusTotal score: 4/72 (Scanned on 2026-02-04 13:09:01)	`DrWeb: Adware.Downware.20796` `Gridinsoft: Adware.Win32.SpecialSearchOffer.bot` `Malwarebytes: Adware.SpecialSearchOffer` `VBA32: BScope.RiskTool.DeceptPCClean`

Hashes

MD5	`f48bf08687948ead049686cdee0e92dd`
SHA1	`606966a9ec33765baedf63331595d1168f2a596f`
SHA256	`74091f5a8746a1c68d73e1fc1e4e1ff514632ee3f632a8b306f35dabae2d2b64`
SHA3	`4e71881a384b04f64d5124a5fc30d3f3b1d893603fd6ad602091bbe72876ae87`
SSDeep	`393216:WJFXmhjx1n2FmYS9pGKOJwC2jA5xlDvMud0dLqPkbrSOG2d6ytHlku:WJF2hjzK2OGfEhP0JqHOG8qu`
Imports Hash	`b06b004562ff14c148c6fdb85e9eb6a9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x138`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Dec-05 17:22:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x3af400`
SizeOfInitializedData	`0x4cc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0031FCFE (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3b1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3ff000`
SizeOfHeaders	`0x400`
Checksum	`0x13e7c02`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cb736e1bbce7ac2940d62a573a99dc9c`
SHA1	`2df8efb7c21ece0484999b3e8436f4ccf000fdf9`
SHA256	`e38b871ecdf1aa5706b67a288c48df7d61830065a63027b557720eb35b8b196f`
SHA3	`30d2f016f04001d70933ceffebff7c1da7bd2a5847598ebfcbda0459911d261d`
VirtualSize	`0x3af20c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3af400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.80915`

.rdata

MD5	`42997a1e04ceaf07ed09bf03ba790dd7`
SHA1	`afb50135d5da2749105a1d30e1cebe9b99d7fac6`
SHA256	`671f630b7c2eafe0f5ad402b44020307275272cd07616366fd129624a714e90f`
SHA3	`28fb3ce92707831ce0d1b848c9e448b8885421e359d0019305cf4e08b689348d`
VirtualSize	`0x34b98`
VirtualAddress	`0x3b1000`
SizeOfRawData	`0x34c00`
PointerToRawData	`0x3af800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.56005`

.data

MD5	`ba4461d196692d18105b0efe5464db85`
SHA1	`62e4f05c40f83e7b4d41e220a2a60ec3cd681f47`
SHA256	`9372c12162d1c880b6c2108c175ab17b7aeeeca04d70d33703cb0b6e2e9fbac3`
SHA3	`5e05592eb4e2accdf52e747a460c4f8b5d703b68a1692c5b7902acc2aa2d5f13`
VirtualSize	`0x7428`
VirtualAddress	`0x3e6000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x3e4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.69509`

.rsrc

MD5	`bbad770a95737f93c84797c945a68f03`
SHA1	`fad979936a05ec91c76d9bb4244f5a38657389f0`
SHA256	`273701954f5a04993f51f05b73da07cf79f253b841b9acf6c436c28dacf8ee1d`
SHA3	`29b5aa36a8eeec4810fd7860359afb5b6a8c2d0d7b24c00ff0f790c6298d4d93`
VirtualSize	`0xc30`
VirtualAddress	`0x3ee000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x3e7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.68852`

.reloc

MD5	`521c531e061200916d70d255f6f049dc`
SHA1	`8b3534beee9b626e7f9663b5ea2324cdc2025ce3`
SHA256	`881d86ddb9fe09face024b0d6a516fe5ace45c67e8f248a1087d12cf86dd3573`
SHA3	`8c8eaba732df673d62bc666753d54e306880a4ed30f5395ffed9950850362559`
VirtualSize	`0xfa28`
VirtualAddress	`0x3ef000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x3e8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.5647`

Imports

KERNEL32.dll	`LoadLibraryExW` `GlobalMemoryStatus` `GetCPInfo` `PeekNamedPipe` `DuplicateHandle` `SetFileTime` `TlsSetValue` `MoveFileExW` `InterlockedPushEntrySList` `TlsAlloc` `GetTempPathW` `GetVersion` `SetFilePointer` `SetEnvironmentVariableA` `CreateEventA` `GetFileAttributesA` `GetUserDefaultLCID` `CreateFileA` `FileTimeToSystemTime` `GetModuleHandleW` `CreateThread` `HeapReAlloc` `GetDateFormatW` `GetThreadPriority` `FindFirstFileW` `GetTickCount` `FreeEnvironmentStringsW` `GetVersionExW` `RemoveDirectoryA` `ReadFile` `FindClose` `TlsGetValue` `GetDriveTypeW` `CreateEventW` `GetTempFileNameW` `GetLocaleInfoW` `GetProcessHeap` `GetSystemTimeAsFileTime` `FreeLibraryAndExitThread` `RegisterWaitForSingleObject` `RaiseException` `CreateProcessA` `GetModuleHandleExW` `SetFilePointerEx` `GetModuleFileNameW` `IsValidCodePage` `VirtualAlloc` `FindNextFileW` `GetSystemInfo` `GetExitCodeThread` `EnterCriticalSection` `GetStringTypeW` `UnhandledExceptionFilter` `UnregisterWaitEx` `ReadConsoleW` `GetEnvironmentStringsW` `RtlUnwind` `WriteFile` `MultiByteToWideChar` `WaitForSingleObjectEx` `LCMapStringW` `GetCurrentProcessId` `GetTimeZoneInformation` `GetThreadTimes` `UnregisterWait` `LeaveCriticalSection` `ExitThread` `EnumSystemLocalesW` `GetTimeFormatW` `VirtualFree` `GetSystemDirectoryW` `DeleteCriticalSection` `DecodePointer` `FindFirstFileExA` `CreateDirectoryW` `FindFirstFileA` `InitializeCriticalSectionEx` `SetCurrentDirectoryW` `CreateTimerQueue` `TerminateProcess` `GetVersionExA` `AcquireSRWLockExclusive` `SystemTimeToTzSpecificLocalTime` `SetStdHandle` `CloseHandle` `IsProcessorFeaturePresent` `FormatMessageW` `GetProcessAffinityMask` `GetTempPathA` `DeleteTimerQueueTimer` `InitializeCriticalSection` `GetLastError` `SetEndOfFile` `GetFileAttributesW` `GetFileInformationByHandle` `EncodePointer` `SetLastError` `HeapSize` `GetOEMCP` `GetFileSize` `SetThreadAffinityMask` `InterlockedPopEntrySList` `GetFileType` `ExitProcess` `CreateDirectoryA` `LocalFree` `InitializeSListHead` `RemoveDirectoryW` `SetFileAttributesA` `SleepEx` `DeleteFileA` `CreateTimerQueueTimer` `TryEnterCriticalSection` `SetUnhandledExceptionFilter` `GetFileSizeEx` `SetFileAttributesW` `VerifyVersionInfoW` `FormatMessageA` `HeapAlloc` `GetConsoleMode` `GetCurrentProcess` `LoadLibraryW` `AreFileApisANSI` `GetModuleHandleA` `Sleep` `TlsFree` `SetThreadPriority` `IsValidLocale` `SetEvent` `GetFullPathNameW` `InterlockedFlushSList` `ReleaseSRWLockExclusive` `GetStartupInfoW` `GetLogicalProcessorInformation` `HeapFree` `GetEnvironmentVariableA` `GetCurrentThread` `SignalObjectAndWait` `WriteConsoleW` `GetModuleFileNameA` `SwitchToThread` `ResetEvent` `WaitForMultipleObjects` `VirtualProtect` `QueryDepthSList` `ReleaseSemaphore` `InitializeCriticalSectionAndSpinCount` `GetCurrentThreadId` `CreateSemaphoreA` `DeleteFileW` `FlushFileBuffers` `SetCurrentDirectoryA` `CreateFileW` `GetCommandLineA` `CompareStringW` `ChangeTimerQueueTimer` `WideCharToMultiByte` `QueryPerformanceCounter` `GetConsoleCP` `FreeLibrary` `GetCommandLineW` `GetCurrentDirectoryW` `GetStdHandle` `FindNextFileA` `GetNumaHighestNodeNumber` `IsDebuggerPresent` `GetFileAttributesExW` `QueryPerformanceFrequency` `GetProcAddress` `WaitForSingleObject` `GetCurrentDirectoryA` `GetACP` `VerSetConditionMask`
USER32.dll	`GetDlgItem` `PostMessageA` `DialogBoxParamW` `LoadStringA` `CharUpperW` `MessageBoxW` `CharUpperA` `SetTimer` `LoadStringW` `DestroyWindow` `KillTimer` `SetWindowTextW` `GetWindowLongA` `SetWindowLongA` `DialogBoxParamA` `SendMessageA` `SetWindowTextA` `LoadIconA` `ShowWindow` `EndDialog`
SHELL32.dll	`ShellExecuteExA`
OLEAUT32.dll	`VariantClear` `SysStringLen` `SysAllocStringLen`
bcrypt.dll	`BCryptGenRandom`
ADVAPI32.dll	`CryptReleaseContext` `CryptEncrypt` `CryptDestroyHash` `CryptCreateHash` `CryptGetHashParam` `CryptHashData` `CryptAcquireContextW` `CryptDestroyKey` `CryptImportKey`

Delayed Imports

UpdChecksum

Ordinal	`1`
Address	`0x305ae0`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75404`
MD5	`45dfb274318b08cbcf6c20733ca0ecb0`
SHA1	`92b48f895f6f1296bfd00b57801890ec4e3779ec`
SHA256	`12433a0afda687b794b86c11b19d92c96d437765fe7513056c249136ff4e2c41`
SHA3	`bff76d485f8f0f9097d9c287512c59a006bc878edcc35272760b9280d8abfce0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18403`
MD5	`a792cef939f02d76cd876d1da1ffd1b7`
SHA1	`63e2d98ac53e5763e269277d05a1d1737dc04974`
SHA256	`fe174802e7a3a9d4ef79ae6e9baf2f3dedb02b8c0f5f5342ad04a37e3b9d6eeb`
SHA3	`39848cd80ec893f2971c96b27a6bdce65825c9f9dfb824e4b3f86ab87df3e3e7`

97

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93146`
MD5	`e1bee661b2e03cd5cc90cf44ee35d482`
SHA1	`adf060252f018daba3a5cc607e806fbeb703a176`
SHA256	`285f2173eb38d3f6828dbab2b059b8107ddb0985f4d1c6d19c2ad57169e98b6b`
SHA3	`a292a055e4778c4307cbeead729875063c3ff37c4206c5b89538d0e804725bd4`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38262`
MD5	`6e4db8988b0449f6512d49ce3a9517a7`
SHA1	`1eab5aa4c5fdda84410577afb775aa3d9b09d6c3`
SHA256	`4a208f52d1765405454937584c93131b2acee7c9baf7a7a288ad6244ff47a2b4`
SHA3	`95f7fdefb0b4787b0c30006573b2d7dd1789a56ad66d87acc9eb9899a607a2c6`

188

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.17822`
MD5	`a70f26327fbf4252448d9ccccd842faf`
SHA1	`3a015c9d0f7e490a25be55e204d844c7de9f9d2e`
SHA256	`b5e7c4be8f403ccb671414c2a534c72cdaf1a8461edf59caba03ac7216780749`
SHA3	`70eb8333298da9ef6c413c220399886dc44d013e16ec266aa66b044066dda1c7`

207

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43775`
MD5	`716f3259b70c376b8757003128391219`
SHA1	`a1b172c455640670db67ade9d9c7b62d9d2d3396`
SHA256	`5b51218d289f8381b271c6d4d224c67e99c9cdbf9d3f529bb8da29687f7180ec`
SHA3	`d9f9ec98368534575af8442776bcb377303669e86ec003f9af3b5508c1d21d26`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33711`
MD5	`d8322b632bb328ec2d50f6efec9e27ed`
SHA1	`8de38948c79c3f8383e767e6944eb50eae1fb8cc`
SHA256	`006f352f2d79457b0fcf575b1ee32460be41fb17e52c7e86280be30a1a0de610`
SHA3	`50c41afd3d9f4bef80859e1900e98f03581af21ffe6289a934199860340c9f9a`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Wealth Resolution
FileVersion (#2)	1.0.0.0
ProductVersion (#2)	1.0.0.0
LegalCopyright	Apt Pleasant Wealth Resolution 2018-2025
ProductName	Wealth Resolution
CompanyName	Apt Pleasant Wealth Resolution

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-05 17:22:54
Version	`0.0`
SizeofData	`844`
AddressOfRawData	`0x3ddf5c`
PointerToRawData	`0x3dc75c`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x7e6034`
SEHandlerTable	`0x7ddac0`
SEHandlerCount	`295`

RICH Header

XOR Key	`0xa4b4acb2`
Unmarked objects	`0`
Imports (23907)	`2`
ASM objects (23907)	`1`
C++ objects (23907)	`17`
C objects (23907)	`10`
Imports (VS2015 UPD2 build 23918)	`2`
Imports (VS2017 v15.5.2 compiler 25831)	`2`
Imports (VS2008 SP1 build 30729)	`15`
Total imports	`207`
C++ objects (VS2015 UPD2 build 23918)	`1`
Resource objects (VS2015 UPD2 build 23918)	`1`
Linker (VS2015 UPD2 build 23918)	`1`

f48bf08687948ead049686cdee0e92dd

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

UpdChecksum

1

2

97

1 (#2)

188

207

1 (#3)

1 (#4)

1 (#5)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors